Subject: Re: Best way to forward to login, then re-forward to originally requested
From: Vic C <[EMAIL PROTECTED]>
===
This question should never come up. :-)
It is a bad practice to use Struts or anything for JAAS, other than
JAAS. The sample Struts app should not be Login.
You should develop a Struts web app. and when done add JAAS.
Look at Servlet 2.2 or 2.3 Java Docs for more on Security.
The short story is.... it is done for you.
Vic
Charles Brault wrote:
> This question seems to come up frequently, probably should be in a FAQ.
> Using Servlet Filters is one approach. If you are using Struts 1.1 (in
> 1.0.2 it's slightly different), and want to use a Struts approach, try
> the following.
>
> I have an application that requires everyone to log in and certain
> information to be in session before anything else can be done. In order
> to prevent users from bookmarking a page and jumping into it without
> having first logged in, I have to check every incoming request for a
> valid session.
>
> IMHO, the easiest way to do this is to override one or more methods in
> the RequestProcessor (if you are using Struts 1.1). If you don't have
> the Struts source you need to obtain it and look at:
> org.apache.struts.action.RequestProcessor. The processPreprocess method
> simply returns true on each invocation. However, if you override the
> original code, and add your own checks, you can "filter" all the
> incoming requests for anything that's relevant to your situation.
>
> For example, in the following, we check to see if the incoming request
> is one of 3 possible pages, returning true if it is, false otherwise.
> Obviously, you'd need to do other things to handle other types of pages.
>
> public class TDRequestProcessor extends RequestProcessor {
>
> protected boolean processPreprocess(HttpServletRequest request,
> HttpServletResponse response) {
>
>
>
>
> String requri = request.getRequestURI();
>
> // first check the URI, if it's Splash, help or index.jsp,
> user is attempting to login
> String path = requri.substring(requri.lastIndexOf("/") + 1);
>
> if (path.equalsIgnoreCase("splash") ||
> path.equalsIgnoreCase("logon")|| path.equalsIgnoreCase("index.jsp")
> || path.equalsIgnoreCase("logonhelp")) {
> return true;
> }
>
> return false;
>
> }
>
>
>
> }
>
>
> Every request will funnel through this method. So you can check for
> objects in session and take appropriate forwarding actions if you don't
> obtain what's expected.
>
> You will need to add the following to the bottom (check the TLD for the
> exact location) of the struts-config.xml file:
>
> <controller
> processorClass="com.topdrawer.action.TDRequestProcessor"
> </controller>
>
>
>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
